
<!doctype html>
<html lang="zh" class="no-js">
  <head>
    
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
      
        <meta name="description" content="脚本文档">
      
      
        <meta name="author" content="Logan">
      
      
        <link rel="canonical" href="http://localhost:8000/installation/logging_services/">
      
      
        <link rel="prev" href="../monitoring_services/">
      
      
        <link rel="next" href="../message_queue_services/">
      
      
      <link rel="icon" href="../../image/favicon.ico">
      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.50">
    
    
      
        <title>日志管理 - 运维无忧文档</title>
      
    
    
      <link rel="stylesheet" href="../../assets/stylesheets/main.a40c8224.min.css">
      
        
        <link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
      
      


    
    
      
    
    
      
        
        
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
      
    
    
      <link rel="stylesheet" href="../../css/extra.css">
    
      <link rel="stylesheet" href="../../css/prism.css">
    
    <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
    
      

    
    
    
  </head>
  
  
    
    
      
    
    
    
    
    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue">
  
    
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
        
        <a href="#_1" class="md-skip">
          跳转至
        </a>
      
    </div>
    <div data-md-component="announce">
      
    </div>
    
    
      

  

<header class="md-header md-header--shadow" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="页眉">
    <a href="../.." title="运维无忧文档" class="md-header__button md-logo" aria-label="运维无忧文档" data-md-component="logo">
      
  <img src="../../image/logo.png" alt="logo">

    </a>
    <label class="md-header__button md-icon" for="__drawer">
      
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            运维无忧文档
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">
            
              日志管理
            
          </span>
        </div>
      </div>
    </div>
    
      
        <form class="md-header__option" data-md-component="palette">
  
    
    
    
    <input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue"  aria-label="Switch to dark mode"  type="radio" name="__palette" id="__palette_0">
    
      <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z"/></svg>
      </label>
    
  
    
    
    
    <input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue"  aria-label="Switch to light mode"  type="radio" name="__palette" id="__palette_1">
    
      <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31"/></svg>
      </label>
    
  
</form>
      
    
    
      <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
    
    
    
      <label class="md-header__button md-icon" for="__search">
        
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
      </label>
      <div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="搜索" placeholder="搜索" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
      <label class="md-search__icon md-icon" for="__search">
        
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
        
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
      </label>
      <nav class="md-search__options" aria-label="查找">
        
        <button type="reset" class="md-search__icon md-icon" title="清空当前内容" aria-label="清空当前内容" tabindex="-1">
          
          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
        </button>
      </nav>
      
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            正在初始化搜索引擎
          </div>
          <ol class="md-search-result__list" role="presentation"></ol>
        </div>
      </div>
    </div>
  </div>
</div>
    
    
      <div class="md-header__source">
        <a href="https://git.opsx.vip/docs/wuyou.run.git" title="前往仓库" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  </div>
  <div class="md-source__repository">
    wuyou.run
  </div>
</a>
      </div>
    
  </nav>
  
</header>
    
    <div class="md-container" data-md-component="container">
      
      
        
          
        
      
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
          
            
              
              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    



<nav class="md-nav md-nav--primary" aria-label="导航栏" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href="../.." title="运维无忧文档" class="md-nav__button md-logo" aria-label="运维无忧文档" data-md-component="logo">
      
  <img src="../../image/logo.png" alt="logo">

    </a>
    运维无忧文档
  </label>
  
    <div class="md-nav__source">
      <a href="https://git.opsx.vip/docs/wuyou.run.git" title="前往仓库" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  </div>
  <div class="md-source__repository">
    wuyou.run
  </div>
</a>
    </div>
  
  <ul class="md-nav__list" data-md-scrollfix>
    
      
      
  
  
  
  
    <li class="md-nav__item">
      <a href="../.." class="md-nav__link">
        
  
  <span class="md-ellipsis">
    首页
  </span>
  

      </a>
    </li>
  

    
      
      
  
  
    
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
        
          
          <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Linux基础设施
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_2">
            <span class="md-nav__icon md-icon"></span>
            Linux基础设施
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_1" >
        
          
          <label class="md-nav__link" for="__nav_2_1" id="__nav_2_1_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    基础环境配置
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_1">
            <span class="md-nav__icon md-icon"></span>
            基础环境配置
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../system_init/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    系统初始化
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../dev_env/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    开发环境搭建
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
    
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2" checked>
        
          
          <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    常用服务部署
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_2_2">
            <span class="md-nav__icon md-icon"></span>
            常用服务部署
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2_1" >
        
          
          <label class="md-nav__link" for="__nav_2_2_1" id="__nav_2_2_1_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Web服务与代理
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_2_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_2_1">
            <span class="md-nav__icon md-icon"></span>
            Web服务与代理
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../web_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Web服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../proxy_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    代理服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../services-loadbalancing/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    负载均衡服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../cache_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    缓存加速服务
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2_2" >
        
          
          <label class="md-nav__link" for="__nav_2_2_2" id="__nav_2_2_2_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    数据存储
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_2_2_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_2_2">
            <span class="md-nav__icon md-icon"></span>
            数据存储
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../database_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    数据库服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../storage_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    文件存储服务
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
    
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2_3" checked>
        
          
          <label class="md-nav__link" for="__nav_2_2_3" id="__nav_2_2_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    监控与日志
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_2_3_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_2_2_3">
            <span class="md-nav__icon md-icon"></span>
            监控与日志
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../monitoring_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    监控系统
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
    
  
  
  
    <li class="md-nav__item md-nav__item--active">
      
      <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
      
      
        
      
      
        <label class="md-nav__link md-nav__link--active" for="__toc">
          
  
  <span class="md-ellipsis">
    日志管理
  </span>
  

          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <a href="./" class="md-nav__link md-nav__link--active">
        
  
  <span class="md-ellipsis">
    日志管理
  </span>
  

      </a>
      
        

<nav class="md-nav md-nav--secondary" aria-label="目录">
  
  
  
    
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      目录
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#elk-stack-elasticsearch-logstash-kibana" class="md-nav__link">
    <span class="md-ellipsis">
      ELK Stack (Elasticsearch, Logstash, Kibana)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="ELK Stack (Elasticsearch, Logstash, Kibana)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#elasticsearch" class="md-nav__link">
    <span class="md-ellipsis">
      Elasticsearch部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Elasticsearch部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#elasticsearch_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Elasticsearch
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#elasticsearch_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Elasticsearch
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#elasticsearch_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Elasticsearch服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash" class="md-nav__link">
    <span class="md-ellipsis">
      Logstash部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Logstash部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#logstash_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Logstash
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Logstash
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Logstash服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana" class="md-nav__link">
    <span class="md-ellipsis">
      Kibana部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Kibana部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#kibana_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Kibana
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Kibana
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Kibana服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat" class="md-nav__link">
    <span class="md-ellipsis">
      Filebeat部署 (客户端)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Filebeat部署 (客户端)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#filebeat_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Filebeat
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Filebeat
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Filebeat服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_4" class="md-nav__link">
    <span class="md-ellipsis">
      配置Kibana
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_2" class="md-nav__link">
    <span class="md-ellipsis">
      安全配置
    </span>
  </a>
  
    <nav class="md-nav" aria-label="安全配置">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#elasticsearch_4" class="md-nav__link">
    <span class="md-ellipsis">
      Elasticsearch安全设置
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_5" class="md-nav__link">
    <span class="md-ellipsis">
      Kibana安全设置
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash_4" class="md-nav__link">
    <span class="md-ellipsis">
      Logstash安全设置
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat_4" class="md-nav__link">
    <span class="md-ellipsis">
      Filebeat安全设置
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#loki-grafana" class="md-nav__link">
    <span class="md-ellipsis">
      Loki + Grafana 轻量级日志系统
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Loki + Grafana 轻量级日志系统">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#loki" class="md-nav__link">
    <span class="md-ellipsis">
      Loki服务端部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Loki服务端部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#loki_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Loki
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Loki
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#systemd" class="md-nav__link">
    <span class="md-ellipsis">
      创建Systemd服务
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Loki服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#promtail" class="md-nav__link">
    <span class="md-ellipsis">
      Promtail部署 (日志收集客户端)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Promtail部署 (日志收集客户端)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#promtail_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Promtail
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#promtail_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Promtail
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#systemd_1" class="md-nav__link">
    <span class="md-ellipsis">
      创建Systemd服务
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#promtail_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Promtail服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#grafana" class="md-nav__link">
    <span class="md-ellipsis">
      Grafana配置
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Grafana配置">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#loki_4" class="md-nav__link">
    <span class="md-ellipsis">
      添加Loki数据源
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_5" class="md-nav__link">
    <span class="md-ellipsis">
      创建Loki仪表板
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_6" class="md-nav__link">
    <span class="md-ellipsis">
      高级Loki查询
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#fluentd" class="md-nav__link">
    <span class="md-ellipsis">
      Fluentd 日志收集器
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Fluentd 日志收集器">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_3" class="md-nav__link">
    <span class="md-ellipsis">
      服务端部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="服务端部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#fluentd_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Fluentd
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluentd_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Fluentd
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluentd_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Fluentd服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluent-bit" class="md-nav__link">
    <span class="md-ellipsis">
      客户端部署 (Fluent Bit)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="客户端部署 (Fluent Bit)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#fluent-bit_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Fluent Bit
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluent-bit_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Fluent Bit
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluent-bit_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Fluent Bit服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_4" class="md-nav__link">
    <span class="md-ellipsis">
      添加自定义解析器
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_5" class="md-nav__link">
    <span class="md-ellipsis">
      高级配置
    </span>
  </a>
  
    <nav class="md-nav" aria-label="高级配置">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#fluentd_4" class="md-nav__link">
    <span class="md-ellipsis">
      Fluentd缓冲区优化
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluentd_5" class="md-nav__link">
    <span class="md-ellipsis">
      Fluentd性能优化
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#graylog" class="md-nav__link">
    <span class="md-ellipsis">
      Graylog 综合日志管理系统
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Graylog 综合日志管理系统">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_6" class="md-nav__link">
    <span class="md-ellipsis">
      前置要求
    </span>
  </a>
  
    <nav class="md-nav" aria-label="前置要求">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#java" class="md-nav__link">
    <span class="md-ellipsis">
      安装Java
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#mongodb" class="md-nav__link">
    <span class="md-ellipsis">
      安装MongoDB
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#elasticsearch_5" class="md-nav__link">
    <span class="md-ellipsis">
      安装Elasticsearch
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#graylog_1" class="md-nav__link">
    <span class="md-ellipsis">
      Graylog服务器安装
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Graylog服务器安装">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#graylog_2" class="md-nav__link">
    <span class="md-ellipsis">
      安装Graylog
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#graylog_3" class="md-nav__link">
    <span class="md-ellipsis">
      配置Graylog
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#graylog_4" class="md-nav__link">
    <span class="md-ellipsis">
      启动Graylog服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_7" class="md-nav__link">
    <span class="md-ellipsis">
      配置输入
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#rsyslog" class="md-nav__link">
    <span class="md-ellipsis">
      配置客户端 (rsyslog)
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#dashboard" class="md-nav__link">
    <span class="md-ellipsis">
      创建Dashboard
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_8" class="md-nav__link">
    <span class="md-ellipsis">
      创建提取器
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_9" class="md-nav__link">
    <span class="md-ellipsis">
      设置报警
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
      
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../message_queue_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    消息队列
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_3" >
        
          
          <label class="md-nav__link" for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    系统运维
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_3">
            <span class="md-nav__icon md-icon"></span>
            系统运维
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../storage/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    存储与备份
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../lvm/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    LVM存储管理
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../network/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    网络服务配置
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../monitor/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    监控与日志
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
      
      
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
        
          
          <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    容器与编排
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_3">
            <span class="md-nav__icon md-icon"></span>
            容器与编排
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_1" >
        
          
          <label class="md-nav__link" for="__nav_3_1" id="__nav_3_1_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Docker
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_3_1">
            <span class="md-nav__icon md-icon"></span>
            Docker
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../docker/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    基础安装
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../docker/build/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    镜像构建
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../docker/services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    常用服务部署
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../docker/network-storage/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    网络与存储
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../docker-compose/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Docker Compose
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" >
        
          
          <label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Kubernetes
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_3_3">
            <span class="md-nav__icon md-icon"></span>
            Kubernetes
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../kubernetes/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    集群部署
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../kubernetes/resources/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    资源管理
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../kubernetes/operations/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    运维操作
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../kubernetes/best-practices/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    最佳实践
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
      
      
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
        
          
          <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    DevOps工具链
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4">
            <span class="md-nav__icon md-icon"></span>
            DevOps工具链
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../cicd/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    CI/CD流水线
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../devops/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    自动化运维
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
      
      
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
        
          
          <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Shell 快速入门
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_5">
            <span class="md-nav__icon md-icon"></span>
            Shell 快速入门
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/introduction/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Linux 基础命令
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/commands/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    常用命令集
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/variables_and_data_types/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    变量和数据类型
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/control_flow/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    控制流程 (if、else、for、while)
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/functions/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Shell函数
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/text_processing/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    文本处理三剑客
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../shell/scripts/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Shell脚本实战
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
  </ul>
</nav>
                  </div>
                </div>
              </div>
            
            
              
              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    

<nav class="md-nav md-nav--secondary" aria-label="目录">
  
  
  
    
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      目录
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#elk-stack-elasticsearch-logstash-kibana" class="md-nav__link">
    <span class="md-ellipsis">
      ELK Stack (Elasticsearch, Logstash, Kibana)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="ELK Stack (Elasticsearch, Logstash, Kibana)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#elasticsearch" class="md-nav__link">
    <span class="md-ellipsis">
      Elasticsearch部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Elasticsearch部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#elasticsearch_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Elasticsearch
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#elasticsearch_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Elasticsearch
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#elasticsearch_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Elasticsearch服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash" class="md-nav__link">
    <span class="md-ellipsis">
      Logstash部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Logstash部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#logstash_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Logstash
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Logstash
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Logstash服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana" class="md-nav__link">
    <span class="md-ellipsis">
      Kibana部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Kibana部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#kibana_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Kibana
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Kibana
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Kibana服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat" class="md-nav__link">
    <span class="md-ellipsis">
      Filebeat部署 (客户端)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Filebeat部署 (客户端)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#filebeat_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Filebeat
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Filebeat
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Filebeat服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_4" class="md-nav__link">
    <span class="md-ellipsis">
      配置Kibana
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_2" class="md-nav__link">
    <span class="md-ellipsis">
      安全配置
    </span>
  </a>
  
    <nav class="md-nav" aria-label="安全配置">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#elasticsearch_4" class="md-nav__link">
    <span class="md-ellipsis">
      Elasticsearch安全设置
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kibana_5" class="md-nav__link">
    <span class="md-ellipsis">
      Kibana安全设置
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#logstash_4" class="md-nav__link">
    <span class="md-ellipsis">
      Logstash安全设置
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#filebeat_4" class="md-nav__link">
    <span class="md-ellipsis">
      Filebeat安全设置
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#loki-grafana" class="md-nav__link">
    <span class="md-ellipsis">
      Loki + Grafana 轻量级日志系统
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Loki + Grafana 轻量级日志系统">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#loki" class="md-nav__link">
    <span class="md-ellipsis">
      Loki服务端部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Loki服务端部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#loki_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Loki
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Loki
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#systemd" class="md-nav__link">
    <span class="md-ellipsis">
      创建Systemd服务
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Loki服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#promtail" class="md-nav__link">
    <span class="md-ellipsis">
      Promtail部署 (日志收集客户端)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Promtail部署 (日志收集客户端)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#promtail_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Promtail
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#promtail_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Promtail
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#systemd_1" class="md-nav__link">
    <span class="md-ellipsis">
      创建Systemd服务
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#promtail_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Promtail服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#grafana" class="md-nav__link">
    <span class="md-ellipsis">
      Grafana配置
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Grafana配置">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#loki_4" class="md-nav__link">
    <span class="md-ellipsis">
      添加Loki数据源
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_5" class="md-nav__link">
    <span class="md-ellipsis">
      创建Loki仪表板
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#loki_6" class="md-nav__link">
    <span class="md-ellipsis">
      高级Loki查询
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#fluentd" class="md-nav__link">
    <span class="md-ellipsis">
      Fluentd 日志收集器
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Fluentd 日志收集器">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_3" class="md-nav__link">
    <span class="md-ellipsis">
      服务端部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="服务端部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#fluentd_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Fluentd
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluentd_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Fluentd
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluentd_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Fluentd服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluent-bit" class="md-nav__link">
    <span class="md-ellipsis">
      客户端部署 (Fluent Bit)
    </span>
  </a>
  
    <nav class="md-nav" aria-label="客户端部署 (Fluent Bit)">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#fluent-bit_1" class="md-nav__link">
    <span class="md-ellipsis">
      安装Fluent Bit
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluent-bit_2" class="md-nav__link">
    <span class="md-ellipsis">
      配置Fluent Bit
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluent-bit_3" class="md-nav__link">
    <span class="md-ellipsis">
      启动Fluent Bit服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_4" class="md-nav__link">
    <span class="md-ellipsis">
      添加自定义解析器
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_5" class="md-nav__link">
    <span class="md-ellipsis">
      高级配置
    </span>
  </a>
  
    <nav class="md-nav" aria-label="高级配置">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#fluentd_4" class="md-nav__link">
    <span class="md-ellipsis">
      Fluentd缓冲区优化
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#fluentd_5" class="md-nav__link">
    <span class="md-ellipsis">
      Fluentd性能优化
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#graylog" class="md-nav__link">
    <span class="md-ellipsis">
      Graylog 综合日志管理系统
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Graylog 综合日志管理系统">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_6" class="md-nav__link">
    <span class="md-ellipsis">
      前置要求
    </span>
  </a>
  
    <nav class="md-nav" aria-label="前置要求">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#java" class="md-nav__link">
    <span class="md-ellipsis">
      安装Java
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#mongodb" class="md-nav__link">
    <span class="md-ellipsis">
      安装MongoDB
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#elasticsearch_5" class="md-nav__link">
    <span class="md-ellipsis">
      安装Elasticsearch
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#graylog_1" class="md-nav__link">
    <span class="md-ellipsis">
      Graylog服务器安装
    </span>
  </a>
  
    <nav class="md-nav" aria-label="Graylog服务器安装">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#graylog_2" class="md-nav__link">
    <span class="md-ellipsis">
      安装Graylog
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#graylog_3" class="md-nav__link">
    <span class="md-ellipsis">
      配置Graylog
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#graylog_4" class="md-nav__link">
    <span class="md-ellipsis">
      启动Graylog服务
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_7" class="md-nav__link">
    <span class="md-ellipsis">
      配置输入
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#rsyslog" class="md-nav__link">
    <span class="md-ellipsis">
      配置客户端 (rsyslog)
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#dashboard" class="md-nav__link">
    <span class="md-ellipsis">
      创建Dashboard
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_8" class="md-nav__link">
    <span class="md-ellipsis">
      创建提取器
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_9" class="md-nav__link">
    <span class="md-ellipsis">
      设置报警
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
                  </div>
                </div>
              </div>
            
          
          
            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">
                
                  

  
  


<h1 id="_1">日志管理系统部署指南</h1>
<p>@author Loganli</p>
<h2 id="elk-stack-elasticsearch-logstash-kibana">ELK Stack (Elasticsearch, Logstash, Kibana)</h2>
<h3 id="elasticsearch">Elasticsearch部署</h3>
<h4 id="elasticsearch_1">安装Elasticsearch</h4>
<pre><code class="language-bash"># 安装Java
yum install -y java-11-openjdk-devel

# 添加Elasticsearch源
cat &gt; /etc/yum.repos.d/elasticsearch.repo &lt;&lt; EOF
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# 安装Elasticsearch
yum install -y elasticsearch

# 设置系统参数
cat &gt; /etc/sysctl.d/elasticsearch.conf &lt;&lt; EOF
vm.max_map_count=262144
EOF
sysctl -p /etc/sysctl.d/elasticsearch.conf

# 创建数据目录
mkdir -p /var/lib/elasticsearch
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
</code></pre>
<h4 id="elasticsearch_2">配置Elasticsearch</h4>
<p>编辑配置文件 <code>/etc/elasticsearch/elasticsearch.yml</code>:</p>
<pre><code class="language-yaml"># 集群设置
cluster.name: elk-cluster

# 节点设置
node.name: node-1
node.master: true
node.data: true

# 路径设置
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# 网络设置
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300

# 内存设置在jvm.options中设置
# -Xms4g
# -Xmx4g

# 发现设置
discovery.seed_hosts: [&quot;localhost&quot;]
cluster.initial_master_nodes: [&quot;node-1&quot;]

# 跨域设置（用于Kibana）
http.cors.enabled: true
http.cors.allow-origin: &quot;*&quot;
</code></pre>
<p>JVM配置 <code>/etc/elasticsearch/jvm.options</code>:</p>
<pre><code>-Xms2g
-Xmx2g
</code></pre>
<h4 id="elasticsearch_3">启动Elasticsearch服务</h4>
<pre><code class="language-bash"># 启动Elasticsearch
systemctl start elasticsearch
systemctl enable elasticsearch
systemctl status elasticsearch

# 检查是否启动成功
curl http://localhost:9200
</code></pre>
<h3 id="logstash">Logstash部署</h3>
<h4 id="logstash_1">安装Logstash</h4>
<pre><code class="language-bash"># 安装Logstash
yum install -y logstash
</code></pre>
<h4 id="logstash_2">配置Logstash</h4>
<p>创建基本输入配置 <code>/etc/logstash/conf.d/01-inputs.conf</code>:</p>
<pre><code>input {
  # 文件输入
  file {
    path =&gt; &quot;/var/log/messages&quot;
    type =&gt; &quot;syslog&quot;
    start_position =&gt; &quot;beginning&quot;
  }

  # Beats输入 (用于Filebeat)
  beats {
    port =&gt; 5044
    host =&gt; &quot;0.0.0.0&quot;
  }

  # Syslog输入
  syslog {
    port =&gt; 5514
    type =&gt; &quot;syslog&quot;
  }
}
</code></pre>
<p>创建过滤配置 <code>/etc/logstash/conf.d/30-filters.conf</code>:</p>
<pre><code>filter {
  if [type] == &quot;syslog&quot; {
    grok {
      match =&gt; { &quot;message&quot; =&gt; &quot;%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}&quot; }
    }
    date {
      match =&gt; [ &quot;syslog_timestamp&quot;, &quot;MMM  d HH:mm:ss&quot;, &quot;MMM dd HH:mm:ss&quot; ]
    }
  }

  # 解析Apache日志
  if [type] == &quot;apache_access&quot; {
    grok {
      match =&gt; { &quot;message&quot; =&gt; &quot;%{COMBINEDAPACHELOG}&quot; }
    }
    date {
      match =&gt; [ &quot;timestamp&quot;, &quot;dd/MMM/yyyy:HH:mm:ss Z&quot; ]
    }
    geoip {
      source =&gt; &quot;clientip&quot;
    }
  }

  # 解析Nginx日志
  if [type] == &quot;nginx_access&quot; {
    grok {
      match =&gt; { &quot;message&quot; =&gt; &quot;%{COMBINEDAPACHELOG}&quot; }
    }
    date {
      match =&gt; [ &quot;timestamp&quot;, &quot;dd/MMM/yyyy:HH:mm:ss Z&quot; ]
    }
    geoip {
      source =&gt; &quot;clientip&quot;
    }
  }

  # 添加主机名
  mutate {
    add_field =&gt; { &quot;host&quot; =&gt; &quot;%{host}&quot; }
  }
}
</code></pre>
<p>创建输出配置 <code>/etc/logstash/conf.d/50-outputs.conf</code>:</p>
<pre><code>output {
  elasticsearch {
    hosts =&gt; [&quot;localhost:9200&quot;]
    index =&gt; &quot;%{[@metadata][beat]}-%{+YYYY.MM.dd}&quot;
    document_type =&gt; &quot;%{[@metadata][type]}&quot;
  }

  # 调试输出
  #stdout { codec =&gt; rubydebug }
}
</code></pre>
<h4 id="logstash_3">启动Logstash服务</h4>
<pre><code class="language-bash"># 测试配置
/usr/share/logstash/bin/logstash --path.settings /etc/logstash -t

# 启动Logstash
systemctl start logstash
systemctl enable logstash
systemctl status logstash
</code></pre>
<h3 id="kibana">Kibana部署</h3>
<h4 id="kibana_1">安装Kibana</h4>
<pre><code class="language-bash"># 安装Kibana
yum install -y kibana
</code></pre>
<h4 id="kibana_2">配置Kibana</h4>
<p>编辑配置文件 <code>/etc/kibana/kibana.yml</code>:</p>
<pre><code class="language-yaml"># 服务器配置
server.port: 5601
server.host: &quot;0.0.0.0&quot;

# Elasticsearch配置
elasticsearch.hosts: [&quot;http://localhost:9200&quot;]

# Kibana配置
kibana.index: &quot;.kibana&quot;
</code></pre>
<h4 id="kibana_3">启动Kibana服务</h4>
<pre><code class="language-bash"># 启动Kibana
systemctl start kibana
systemctl enable kibana
systemctl status kibana
</code></pre>
<h3 id="filebeat">Filebeat部署 (客户端)</h3>
<h4 id="filebeat_1">安装Filebeat</h4>
<p>在需要采集日志的服务器上安装Filebeat:</p>
<pre><code class="language-bash"># 添加Elasticsearch源
cat &gt; /etc/yum.repos.d/elasticsearch.repo &lt;&lt; EOF
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# 安装Filebeat
yum install -y filebeat
</code></pre>
<h4 id="filebeat_2">配置Filebeat</h4>
<p>编辑配置文件 <code>/etc/filebeat/filebeat.yml</code>:</p>
<pre><code class="language-yaml">filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/messages
    - /var/log/secure
  fields:
    type: syslog
  fields_under_root: true

- type: log
  enabled: true
  paths:
    - /var/log/httpd/access_log
    - /var/log/httpd/error_log
  fields:
    type: apache
  fields_under_root: true

- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
    - /var/log/nginx/error.log
  fields:
    type: nginx
  fields_under_root: true

output.logstash:
  hosts: [&quot;logstash_server:5044&quot;]

# 日志设置
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644
</code></pre>
<h4 id="filebeat_3">启动Filebeat服务</h4>
<pre><code class="language-bash"># 测试配置
filebeat test config -c /etc/filebeat/filebeat.yml

# 测试Logstash输出
filebeat test output -c /etc/filebeat/filebeat.yml

# 启动Filebeat
systemctl start filebeat
systemctl enable filebeat
systemctl status filebeat
</code></pre>
<h3 id="kibana_4">配置Kibana</h3>
<p>通过浏览器访问Kibana (http://server_ip:5601) 并执行以下步骤:</p>
<ol>
<li>创建索引模式</li>
<li>导航到 Management &gt; Stack Management &gt; Kibana &gt; Index Patterns</li>
<li>点击 "Create index pattern"</li>
<li>输入 "filebeat-<em>" 或 "logstash-</em>"</li>
<li>选择 "@timestamp" 作为时间字段</li>
<li>
<p>点击 "Create index pattern"</p>
</li>
<li>
<p>创建可视化</p>
</li>
<li>导航到 Visualize</li>
<li>点击 "Create new visualization"</li>
<li>选择可视化类型 (如 "Area", "Bar", "Pie" 等)</li>
<li>选择你的索引模式</li>
<li>
<p>配置可视化</p>
</li>
<li>
<p>创建仪表板</p>
</li>
<li>导航到 Dashboard</li>
<li>点击 "Create new dashboard"</li>
<li>点击 "Add" 添加已保存的可视化</li>
<li>保存仪表板</li>
</ol>
<h3 id="_2">安全配置</h3>
<h4 id="elasticsearch_4">Elasticsearch安全设置</h4>
<p>编辑 <code>/etc/elasticsearch/elasticsearch.yml</code>:</p>
<pre><code class="language-yaml"># 启用安全设置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
</code></pre>
<p>生成证书:</p>
<pre><code class="language-bash"># 切换到Elasticsearch目录
cd /usr/share/elasticsearch

# 生成证书
bin/elasticsearch-certutil cert -out /etc/elasticsearch/elastic-certificates.p12 -pass &quot;&quot;

# 设置权限
chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12
</code></pre>
<p>设置内置用户密码:</p>
<pre><code class="language-bash"># 设置内置用户密码
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
</code></pre>
<h4 id="kibana_5">Kibana安全设置</h4>
<p>编辑 <code>/etc/kibana/kibana.yml</code>:</p>
<pre><code class="language-yaml"># 添加Elasticsearch凭证
elasticsearch.username: &quot;kibana_system&quot;
elasticsearch.password: &quot;your_password_here&quot;
</code></pre>
<h4 id="logstash_4">Logstash安全设置</h4>
<p>创建 <code>/etc/logstash/logstash.keystore</code>:</p>
<pre><code class="language-bash">/usr/share/logstash/bin/logstash-keystore create
/usr/share/logstash/bin/logstash-keystore add ES_USER
/usr/share/logstash/bin/logstash-keystore add ES_PWD
</code></pre>
<p>修改 <code>/etc/logstash/conf.d/50-outputs.conf</code>:</p>
<pre><code>output {
  elasticsearch {
    hosts =&gt; [&quot;localhost:9200&quot;]
    index =&gt; &quot;%{[@metadata][beat]}-%{+YYYY.MM.dd}&quot;
    user =&gt; &quot;${ES_USER}&quot;
    password =&gt; &quot;${ES_PWD}&quot;
  }
}
</code></pre>
<h4 id="filebeat_4">Filebeat安全设置</h4>
<p>编辑 <code>/etc/filebeat/filebeat.yml</code>:</p>
<pre><code class="language-yaml">output.logstash:
  hosts: [&quot;logstash_server:5044&quot;]
  ssl.enabled: true
  ssl.certificate_authorities: [&quot;/etc/filebeat/ca.crt&quot;]
  ssl.certificate: &quot;/etc/filebeat/client.crt&quot;
  ssl.key: &quot;/etc/filebeat/client.key&quot;
</code></pre>
<h2 id="loki-grafana">Loki + Grafana 轻量级日志系统</h2>
<h3 id="loki">Loki服务端部署</h3>
<h4 id="loki_1">安装Loki</h4>
<pre><code class="language-bash"># 下载Loki二进制文件
wget https://github.com/grafana/loki/releases/download/v2.4.2/loki-linux-amd64.zip
unzip loki-linux-amd64.zip
mv loki-linux-amd64 /usr/local/bin/loki
chmod +x /usr/local/bin/loki

# 创建配置目录
mkdir -p /etc/loki
mkdir -p /var/lib/loki
</code></pre>
<h4 id="loki_2">配置Loki</h4>
<p>创建配置文件 <code>/etc/loki/config.yaml</code>:</p>
<pre><code class="language-yaml">auth_enabled: false

server:
  http_listen_port: 3100
  grpc_listen_port: 9096

ingester:
  lifecycler:
    address: 127.0.0.1
    ring:
      kvstore:
        store: inmemory
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 1h
  chunk_retain_period: 30s
  max_chunk_age: 1h

schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h

storage_config:
  boltdb_shipper:
    active_index_directory: /var/lib/loki/index
    cache_location: /var/lib/loki/cache
    cache_ttl: 24h
    shared_store: filesystem
  filesystem:
    directory: /var/lib/loki/chunks

compactor:
  working_directory: /var/lib/loki/compactor
  shared_store: filesystem

limits_config:
  reject_old_samples: true
  reject_old_samples_max_age: 168h
  ingestion_rate_mb: 4
  ingestion_burst_size_mb: 6

chunk_store_config:
  max_look_back_period: 336h

table_manager:
  retention_deletes_enabled: true
  retention_period: 336h

query_range:
  align_queries_with_step: true
  max_retries: 5
  cache_results: true
  results_cache:
    cache:
      enable_fifocache: true
      fifocache:
        max_size_items: 1024
        validity: 24h
</code></pre>
<h4 id="systemd">创建Systemd服务</h4>
<p>创建 <code>/etc/systemd/system/loki.service</code>:</p>
<pre><code class="language-ini">[Unit]
Description=Loki Log Aggregator
After=network.target

[Service]
User=root
ExecStart=/usr/local/bin/loki -config.file=/etc/loki/config.yaml
Restart=always

[Install]
WantedBy=multi-user.target
</code></pre>
<h4 id="loki_3">启动Loki服务</h4>
<pre><code class="language-bash"># 启动Loki
systemctl daemon-reload
systemctl start loki
systemctl enable loki
systemctl status loki

# 检查是否成功
curl http://localhost:3100/ready
</code></pre>
<h3 id="promtail">Promtail部署 (日志收集客户端)</h3>
<h4 id="promtail_1">安装Promtail</h4>
<p>在需要收集日志的服务器上:</p>
<pre><code class="language-bash"># 下载Promtail二进制文件
wget https://github.com/grafana/loki/releases/download/v2.4.2/promtail-linux-amd64.zip
unzip promtail-linux-amd64.zip
mv promtail-linux-amd64 /usr/local/bin/promtail
chmod +x /usr/local/bin/promtail

# 创建配置目录
mkdir -p /etc/promtail
</code></pre>
<h4 id="promtail_2">配置Promtail</h4>
<p>创建配置文件 <code>/etc/promtail/config.yaml</code>:</p>
<pre><code class="language-yaml">server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /var/lib/promtail/positions.yaml

clients:
  - url: http://loki_server:3100/loki/api/v1/push

scrape_configs:
  - job_name: system
    static_configs:
      - targets:
          - localhost
        labels:
          job: varlogs
          __path__: /var/log/*log

  - job_name: syslog
    static_configs:
      - targets:
          - localhost
        labels:
          job: syslog
          __path__: /var/log/syslog

  - job_name: apache
    static_configs:
      - targets:
          - localhost
        labels:
          job: apache
          __path__: /var/log/apache2/*log

  - job_name: nginx
    static_configs:
      - targets:
          - localhost
        labels:
          job: nginx
          __path__: /var/log/nginx/*log
</code></pre>
<h4 id="systemd_1">创建Systemd服务</h4>
<p>创建 <code>/etc/systemd/system/promtail.service</code>:</p>
<pre><code class="language-ini">[Unit]
Description=Promtail Log Agent
After=network.target

[Service]
User=root
ExecStart=/usr/local/bin/promtail -config.file=/etc/promtail/config.yaml
Restart=always

[Install]
WantedBy=multi-user.target
</code></pre>
<h4 id="promtail_3">启动Promtail服务</h4>
<pre><code class="language-bash"># 创建必要的目录
mkdir -p /var/lib/promtail

# 启动Promtail
systemctl daemon-reload
systemctl start promtail
systemctl enable promtail
systemctl status promtail
</code></pre>
<h3 id="grafana">Grafana配置</h3>
<h4 id="loki_4">添加Loki数据源</h4>
<ol>
<li>登录Grafana界面</li>
<li>导航至Configuration &gt; Data Sources</li>
<li>点击 "Add data source"</li>
<li>选择 "Loki"</li>
<li>配置URL: http://loki_server:3100</li>
<li>点击 "Save &amp; Test"</li>
</ol>
<h4 id="loki_5">创建Loki仪表板</h4>
<ol>
<li>导航至Explore</li>
<li>选择Loki数据源</li>
<li>输入查询，例如: <code>{job="nginx"}</code></li>
<li>使用日志浏览器探索和过滤日志</li>
<li>保存查询以创建仪表板</li>
</ol>
<h3 id="loki_6">高级Loki查询</h3>
<pre><code># 搜索包含特定文本的日志
{job=&quot;nginx&quot;} |= &quot;error&quot;

# 排除特定文本
{job=&quot;nginx&quot;} != &quot;404&quot;

# 正则表达式匹配
{job=&quot;nginx&quot;} |~ &quot;error.*timeout&quot;

# 组合过滤器
{job=&quot;nginx&quot;} |= &quot;error&quot; != &quot;timeout&quot;

# 提取标签
{job=&quot;nginx&quot;} | pattern &quot;&lt;_&gt; - &lt;user&gt; [&lt;_&gt;] \&quot;&lt;method&gt; &lt;path&gt; &lt;_&gt;\&quot; &lt;status&gt; &lt;size&gt;&quot; | status=~&quot;5..&quot;

# 统计特定错误数量
sum(count_over_time({job=&quot;nginx&quot;} |= &quot;error&quot; [5m])) by (host)
</code></pre>
<h2 id="fluentd">Fluentd 日志收集器</h2>
<h3 id="_3">服务端部署</h3>
<h4 id="fluentd_1">安装Fluentd</h4>
<pre><code class="language-bash"># 安装依赖
yum install -y curl

# 添加td-agent (Fluentd的稳定版本)源
curl -L https://toolbelt.treasuredata.com/sh/install-redhat-td-agent4.sh | sh
</code></pre>
<h4 id="fluentd_2">配置Fluentd</h4>
<p>编辑 <code>/etc/td-agent/td-agent.conf</code>:</p>
<pre><code># 监听端口接收日志
&lt;source&gt;
  @type forward
  port 24224
  bind 0.0.0.0
&lt;/source&gt;

# HTTP输入
&lt;source&gt;
  @type http
  port 8888
  bind 0.0.0.0
&lt;/source&gt;

# Syslog输入
&lt;source&gt;
  @type syslog
  port 5140
  bind 0.0.0.0
  tag system.syslog
&lt;/source&gt;

# 存储到Elasticsearch
&lt;match **&gt;
  @type elasticsearch
  host elasticsearch_host
  port 9200
  logstash_format true
  logstash_prefix fluentd
  &lt;buffer&gt;
    @type file
    path /var/log/td-agent/buffer
    flush_mode interval
    flush_interval 5s
    chunk_limit_size 2M
    queue_limit_length 4
    retry_max_interval 30
    retry_forever true
  &lt;/buffer&gt;
&lt;/match&gt;

# 也可以输出到文件
&lt;match system.**&gt;
  @type file
  path /var/log/td-agent/files/${tag}/%Y/%m/%d/
  append true
  &lt;buffer tag,time&gt;
    @type file
    path /var/log/td-agent/buffer/system
    timekey 1d
    timekey_use_utc true
    timekey_wait 10m
  &lt;/buffer&gt;
&lt;/match&gt;
</code></pre>
<h4 id="fluentd_3">启动Fluentd服务</h4>
<pre><code class="language-bash"># 启动服务
systemctl start td-agent
systemctl enable td-agent
systemctl status td-agent

# 检查日志
tail -f /var/log/td-agent/td-agent.log
</code></pre>
<h3 id="fluent-bit">客户端部署 (Fluent Bit)</h3>
<p>对于轻量级客户端，建议使用Fluent Bit:</p>
<h4 id="fluent-bit_1">安装Fluent Bit</h4>
<pre><code class="language-bash"># 添加源
curl https://packages.fluentbit.io/fluentbit.key | gpg --import
cat &gt; /etc/yum.repos.d/fluent-bit.repo &lt;&lt; EOF
[fluent-bit]
name = Fluent Bit
baseurl = https://packages.fluentbit.io/centos/7
gpgcheck=1
gpgkey=https://packages.fluentbit.io/fluentbit.key
enabled=1
EOF

# 安装
yum install -y fluent-bit
</code></pre>
<h4 id="fluent-bit_2">配置Fluent Bit</h4>
<p>编辑 <code>/etc/fluent-bit/fluent-bit.conf</code>:</p>
<pre><code>[SERVICE]
    Flush        5
    Daemon       Off
    Log_Level    info
    Parsers_File parsers.conf

[INPUT]
    Name        tail
    Path        /var/log/messages
    Tag         system.messages
    Parser      syslog

[INPUT]
    Name        tail
    Path        /var/log/secure
    Tag         system.secure
    Parser      syslog

[INPUT]
    Name        tail
    Path        /var/log/nginx/access.log
    Tag         nginx.access
    Parser      nginx

[FILTER]
    Name        record_modifier
    Match       *
    Record      hostname ${HOSTNAME}

[OUTPUT]
    Name        forward
    Match       *
    Host        fluentd_server
    Port        24224
</code></pre>
<h4 id="fluent-bit_3">启动Fluent Bit服务</h4>
<pre><code class="language-bash"># 启动服务
systemctl start fluent-bit
systemctl enable fluent-bit
systemctl status fluent-bit

# 检查日志
tail -f /var/log/messages | grep fluent-bit
</code></pre>
<h3 id="_4">添加自定义解析器</h3>
<p>编辑 <code>/etc/fluent-bit/parsers.conf</code>:</p>
<pre><code>[PARSER]
    Name        nginx
    Format      regex
    Regex       ^(?&lt;remote&gt;[^ ]*) (?&lt;host&gt;[^ ]*) (?&lt;user&gt;[^ ]*) \[(?&lt;time&gt;[^\]]*)\] &quot;(?&lt;method&gt;\S+)(?: +(?&lt;path&gt;[^\&quot;]*?)(?: +\S*)?)?&quot; (?&lt;code&gt;[^ ]*) (?&lt;size&gt;[^ ]*)(?: &quot;(?&lt;referer&gt;[^\&quot;]*)&quot; &quot;(?&lt;agent&gt;[^\&quot;]*)&quot;)?$
    Time_Key    time
    Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
    Name        apache
    Format      regex
    Regex       ^(?&lt;host&gt;[^ ]*) [^ ]* (?&lt;user&gt;[^ ]*) \[(?&lt;time&gt;[^\]]*)\] &quot;(?&lt;method&gt;\S+)(?: +(?&lt;path&gt;[^ ]*) +\S*)?&quot; (?&lt;code&gt;[^ ]*) (?&lt;size&gt;[^ ]*)(?: &quot;(?&lt;referer&gt;[^\&quot;]*)&quot; &quot;(?&lt;agent&gt;[^\&quot;]*)&quot;)?$
    Time_Key    time
    Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
    Name        syslog
    Format      regex
    Regex       ^(?&lt;time&gt;[^ ]* {1,2}[^ ]* [^ ]*) (?&lt;host&gt;[^ ]*) (?&lt;ident&gt;[a-zA-Z0-9_\/\.\-]*)(?:\[(?&lt;pid&gt;[0-9]+)\])?(?:[^\:]*\:)? *(?&lt;message&gt;.*)$
    Time_Key    time
    Time_Format %b %d %H:%M:%S
</code></pre>
<h3 id="_5">高级配置</h3>
<h4 id="fluentd_4">Fluentd缓冲区优化</h4>
<pre><code>&lt;buffer&gt;
  @type file
  path /var/log/td-agent/buffer
  flush_mode interval
  flush_interval 5s
  flush_thread_count 4
  chunk_limit_size 2M
  queue_limit_length 32
  overflow_action block
  retry_max_interval 30s
  retry_forever true
&lt;/buffer&gt;
</code></pre>
<h4 id="fluentd_5">Fluentd性能优化</h4>
<p>编辑 <code>/etc/sysconfig/td-agent</code>:</p>
<pre><code>TD_AGENT_ARGS=&quot;-o /var/log/td-agent/td-agent.log&quot;
TD_AGENT_JAVA_ARGS=&quot;-Xms512m -Xmx1024m&quot;
TD_AGENT_RUBY_GC_MALLOC_LIMIT=4000000
</code></pre>
<h2 id="graylog">Graylog 综合日志管理系统</h2>
<h3 id="_6">前置要求</h3>
<h4 id="java">安装Java</h4>
<pre><code class="language-bash"># 安装Java 11
yum install -y java-11-openjdk-devel
</code></pre>
<h4 id="mongodb">安装MongoDB</h4>
<pre><code class="language-bash"># 创建MongoDB源
cat &gt; /etc/yum.repos.d/mongodb-org-4.4.repo &lt;&lt; EOF
[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
EOF

# 安装MongoDB
yum install -y mongodb-org

# 启动MongoDB
systemctl start mongod
systemctl enable mongod
systemctl status mongod
</code></pre>
<h4 id="elasticsearch_5">安装Elasticsearch</h4>
<pre><code class="language-bash"># 安装Elasticsearch (以前面已安装为例)
</code></pre>
<h3 id="graylog_1">Graylog服务器安装</h3>
<h4 id="graylog_2">安装Graylog</h4>
<pre><code class="language-bash"># 添加Graylog源
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm

# 安装Graylog
yum install -y graylog-server

# 生成密码Secret
SECRET=$(pwgen -N 1 -s 96)
echo &quot;password_secret = $SECRET&quot; &gt; /etc/graylog/server/server.conf.d/password_secret.conf

# 生成admin密码的SHA-256哈希
echo -n &quot;Enter Password: &quot; &amp;&amp; head -1 &lt;/dev/stdin | tr -d '\n' | sha256sum | cut -d&quot; &quot; -f1
</code></pre>
<h4 id="graylog_3">配置Graylog</h4>
<p>编辑 <code>/etc/graylog/server/server.conf</code>:</p>
<pre><code class="language-ini"># 主要配置
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = YOUR_SECRET_HERE
root_password_sha2 = YOUR_SHA256_PASSWORD_HASH_HERE

# 网络设置
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://graylog_server_ip:9000/
http_external_uri = http://graylog_server_ip:9000/

# Elasticsearch设置
elasticsearch_hosts = http://localhost:9200
elasticsearch_max_time_per_index = 1d
elasticsearch_max_number_of_indices = 30
elasticsearch_shards = 1
elasticsearch_replicas = 0

# MongoDB设置
mongodb_uri = mongodb://localhost:27017/graylog

# Email设置
transport_email_enabled = true
transport_email_hostname = smtp.example.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = false
transport_email_auth_username = your_email@example.com
transport_email_auth_password = your_email_password
transport_email_subject_prefix = [Graylog]
transport_email_from_email = graylog@example.com

# Web界面设置
web_enable = true
web_listen_uri = http://0.0.0.0:9000/
web_endpoint_uri = http://graylog_server_ip:9000/api/
</code></pre>
<h4 id="graylog_4">启动Graylog服务</h4>
<pre><code class="language-bash"># 启动Graylog
systemctl start graylog-server
systemctl enable graylog-server
systemctl status graylog-server

# 查看日志
tail -f /var/log/graylog-server/server.log
</code></pre>
<h3 id="_7">配置输入</h3>
<p>通过Web界面 (http://graylog_server_ip:9000) 登录Graylog并配置:</p>
<ol>
<li>使用Admin凭据登录</li>
<li>导航至 System &gt; Inputs</li>
<li>选择输入类型 (如 "Syslog UDP")</li>
<li>点击 "Launch new input"</li>
<li>配置必要参数 (如端口号)</li>
<li>保存输入</li>
</ol>
<h3 id="rsyslog">配置客户端 (rsyslog)</h3>
<p>在需要发送日志的服务器上配置rsyslog:</p>
<p>编辑 <code>/etc/rsyslog.d/90-graylog.conf</code>:</p>
<pre><code># 发送日志到Graylog
*.* @graylog_server_ip:514;RSYSLOG_SyslogProtocol23Format
</code></pre>
<p>重启rsyslog:</p>
<pre><code class="language-bash">systemctl restart rsyslog
</code></pre>
<h3 id="dashboard">创建Dashboard</h3>
<ol>
<li>导航至 Dashboards</li>
<li>点击 "Create dashboard"</li>
<li>添加部件 (Widgets)</li>
</ol>
<h3 id="_8">创建提取器</h3>
<ol>
<li>导航至 System &gt; Inputs</li>
<li>选择已配置的输入</li>
<li>点击 "Manage extractors"</li>
<li>点击 "Add extractor"</li>
<li>选择提取方法 (如正则表达式)</li>
<li>配置提取规则</li>
</ol>
<h3 id="_9">设置报警</h3>
<ol>
<li>导航至 Alerts</li>
<li>点击 "Create alert condition"</li>
<li>选择条件类型</li>
<li>配置通知</li>
</ol>












                
              </article>
            </div>
          
          
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
        </div>
        
      </main>
      
        <footer class="md-footer">
  
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">
  
  
    Made with
    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
      Material for MkDocs
    </a>
  
</div>
      
        <div class="md-social">
  
    
    
    
    
      
      
    
    <a href="https://git.opsx.vip/docs/PythonFullStackGuide.git" target="_blank" rel="noopener" title="git.opsx.vip" class="md-social__link">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
    </a>
  
    
    
    
    
    <a href="mailto:admin@attacker.club" target="_blank" rel="noopener" title="" class="md-social__link">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M48 64C21.5 64 0 85.5 0 112c0 15.1 7.1 29.3 19.2 38.4l217.6 163.2c11.4 8.5 27 8.5 38.4 0l217.6-163.2c12.1-9.1 19.2-23.3 19.2-38.4 0-26.5-21.5-48-48-48zM0 176v208c0 35.3 28.7 64 64 64h384c35.3 0 64-28.7 64-64V176L294.4 339.2a63.9 63.9 0 0 1-76.8 0z"/></svg>
    </a>
  
</div>
      
    </div>
  </div>
</footer>
      
    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>
    
    
    <script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.f8cc74c7.min.js", "translations": {"clipboard.copied": "\u5df2\u590d\u5236", "clipboard.copy": "\u590d\u5236", "search.result.more.one": "\u5728\u8be5\u9875\u4e0a\u8fd8\u6709 1 \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.more.other": "\u5728\u8be5\u9875\u4e0a\u8fd8\u6709 # \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.none": "\u6ca1\u6709\u627e\u5230\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.one": "\u627e\u5230 1 \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.other": "# \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.placeholder": "\u952e\u5165\u4ee5\u5f00\u59cb\u641c\u7d22", "search.result.term.missing": "\u7f3a\u5c11", "select.version": "\u9009\u62e9\u5f53\u524d\u7248\u672c"}}</script>
    
    
      <script src="../../assets/javascripts/bundle.60a45f97.min.js"></script>
      
        <script src="../../js/prism.js"></script>
      
    
  </body>
</html>